Data files can be stored remotely at remote third-party sites (or company servers) rather than locally. Benefits of remote storage include data backup and redundancy, and remote access to the particular data files by one or more users. A data file to be stored remotely may contain private or confidential content, and the private content needs to be protected from attacks on the third-party site from without or within. To protect the private content, the data file may be transmitted in secure data transmissions between local systems and the third-party site, and the data file may be encrypted and stored in the encrypted form. However, in such an environment the encryption of the data file is typically handled by the third-party site, and the decryption keys are held by the third-party site. Thus, the privacy of the data file is still vulnerable to compromise by malicious operators of the third-party site or an external attack on the third-party site. Alternatively, each user of a data file with private content can encrypt the file prior to transmitting it to the third party site, but this requires each user to have the appropriate key or keys for encrypting the document each time it is transmitted to others and for decrypting the data file when it is accessed. This arrangement is inconvenient due to the need of multiple users to manage keys and also insecure due to the sharing of keys.